Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
20150aa9 by Moritz Muehlenhoff at 2021-04-29T20:58:04+02:00
buster triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3875,6 +3875,7 @@ CVE-2021-30152 (An issue was discovered in MediaWiki 
before 1.31.13 and 1.32.x t
        NOTE: 
https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
 CVE-2021-30151 (Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the 
queue n ...)
        - ruby-sidekiq <unfixed> (bug #987354)
+       [buster] - ruby-sidekiq <no-dsa> (Minor issue)
        [stretch] - ruby-sidekiq <no-dsa> (Minor issue)
        NOTE: https://github.com/mperham/sidekiq/issues/4852
        NOTE: 
https://github.com/mperham/sidekiq/commit/64f70339d1dcf50a55c00d36bfdb61d97ec63ed8
@@ -22241,6 +22242,7 @@ CVE-2021-22208
        RESERVED
 CVE-2021-22207 (Excessive memory consumption in MS-WSP dissector in Wireshark 
3.4.0 to ...)
        - wireshark <unfixed>
+       [buster] - wireshark <postponed> (Minor issue, can be fixed along in 
future update)
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17331
        NOTE: https://www.wireshark.org/security/wnpa-sec-2021-04.html
 CVE-2021-22206
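Review bot: the reason string on the added [buster] wireshark line, "Minor issue, can be fixed along in future update", reads as if a word is missing. "Minor issue, can be fixed along with a future update" says the same thing and parses cleanly.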
@@ -28214,6 +28216,7 @@ CVE-2021-20255 (A stack overflow via an infinite 
recursion vulnerability was fou
 CVE-2021-20254 [Negative idmap cache entries can cause incorrect group entries 
in the Samba file server process token]
        RESERVED
        - samba <unfixed>
+       [buster] - samba <no-dsa> (Minor issue)
        NOTE: https://www.samba.org/samba/security/CVE-2021-20254.html
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14571
        NOTE: 
https://git.samba.org/?p=samba.git;a=commitdiff;h=75ad84167f5d2379557ec078d17c9a1c244402fc
 (master)
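Review bot: the added "[buster] - samba <no-dsa> (Minor issue)" line gives no rationale, while the entry header describes incorrect group entries in the file server process token and the entry still shows RESERVED and "samba <unfixed>". Suggest putting the actual reason in the parentheses or in an extra NOTE line, so the no-dsa decision can be re-checked once a fixed version is recorded.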
@@ -75319,6 +75322,7 @@ CVE-2020-12273 (In TestLink 1.9.20, a crafted login.php 
viewer parameter exposes
        NOT-FOR-US: TestLink
 CVE-2020-12272 (OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject 
authentic ...)
        - opendmarc <unfixed> (bug #977767)
+       [buster] - opendmarc <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/opendmarc/tickets/237/
        NOTE: 
https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf
 CVE-2020-12271 (A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 
18.0 bef ...)
@@ -165738,6 +165742,7 @@ CVE-2019-0222 (In Apache ActiveMQ 5.0.0 - 5.15.8, 
unmarshalling corrupt MQTT fra
        - activemq 5.15.9-1 (bug #925964; unimportant)
        [jessie] - activemq <not-affected> (MQTT support not enabled)
        - mqtt-client 1.16-1
+       [buster] - mqtt-client <no-dsa> (Minor issue)
        NOTE: 
http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt
        NOTE: activemq disabled MQTT transport in 5.6.0+dfsg-1 
(d/patches/exclude_mqtt.diff)
        NOTE: but enabled activemq-mqtt in 5.13.2+dfsg-2 using the external 
mqtt-client.


=====================================
data/dsa-needed.txt
=====================================
@@ -11,6 +11,8 @@ To pick an issue, simply add your uid behind it.
 
 If needed, specify the release by adding a slash after the name of the source 
package.
 
+--
+bind9
 --
 chromium
 --
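Review bot: the added bind9 entry does not say which issue it is queued for, and none of the data/CVE/list hunks in this commit touch bind9, so the commit alone does not show what triggered it. A short indented note under the entry naming the CVE would help whoever picks it up; the same applies to ruby-rack-cors in the next hunk.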
@@ -31,6 +33,8 @@ jetty9
 --
 python-pysaml2 (jmm)
 --
+ruby-rack-cors
+--
 salt
 --
 webkit2gtk



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20150aa975529f242089acc1dfba998506eb59b9
